Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Web Server HttpOnly Cookies Not In Use



The remote server does not adequately protect data stored with cookies


Based on the HTTP 'Cookie' header, PVS has determined that the remote server is not using the 'HttpOnly' cookie setting. By not using this setting, client side script can access the cookie. This can allow attackers to access cookies with potentially confidential data.


Configure your web server or application to use the 'HttpOnly' tag.